Sunday, July 10, 2016

Toolsmith Release Advisory: Steph Locke's HIBPwned R package

I'm a bit slow on this one but better late than never. Steph dropped her HIBPwned R package on CRAN at the beginning of June, and it's well worth your attention. HIBPwned is an R package that wraps Troy Hunt's HaveIBeenPwned.comAPI, useful to check if you have an account that has been compromised in a data breach. As one who has been "pwned" no less than three times via three different accounts thanks to LinkedIn, Patreon, and Adobe, I love Troy's site and have visited it many times.

When I spotted Steph's wrapper on R-Bloggers, I was quite happy as a result.
Steph built HIBPwned to allow users to:

Set up your own notification system for account breaches of myriad email addresses & user names that you have

Check for compromised company email accounts from within your company Active Directory

Analyse past data breaches and produce reports and visualizations

I installed it from Visual Studio with R Tools via install.packages("HIBPwned", repos="http://cran.rstudio.com/", dependencies=TRUE).
You can also use devtools to install directly from the Censornet Githubif(!require("devtools")) install.packages("devtools")# Get or upgrade from githubdevtools::install_github("censornet/HIBPwned")
Source is available on the Censornet Github, as is recommended usage guidance.
As you run any of the HIBPwned functions, be sure to have called the library first: library("HIBPwned").

As mentioned, I've seen my share of pwnage, luckily to no real impact, but annoying nonetheless, and well worth constant monitoring.
I first combined my accounts into a vector and confirmed what I've already mentioned, popped thrice:account_breaches(c("rmcree@yahoo.com","holisticinfosec@gmail.com","russ@holisticinfosec.org"), truncate = TRUE)$`rmcree@yahoo.com` Name1 Adobe$`holisticinfosec@gmail.com` Name1 LinkedIn$`russ@holisticinfosec.org` Name1 Patreon

You may want to call specific details about each breach to learn more, easily done continuing with my scenario using breached_site() for the company name or breached_sites() for its domain.

Breached

You may also be interested to see if any of your PII has landed on a paste site (Pastebin, etc.). The pastes() function is the most recent Steph added to HIBPwned.

Pasted

Uh oh, on the list here too, not quite sure how I ended up on this dump of "Egypt gov stuff". According to PK1K3, who "got pissed of at the Egypt gov", his is a "list of account the egypt govs is spying on if you find your email/number here u are rahter with them or slaves to them." Neither are true, but fascinating regardless.

Need some simple markdown to run every so often and keep an eye on your accounts? Try HIBPwned.Rmd. Download the file, open it R Studio, swap out my email addresses for yours, then select Knit HTML. You can also produce Word or PDF output if you'd prefer.

Report

Great stuff from Steph, and of course Troy. Use this wrapper to your advantage, and keep an eye out for other related work on itsalocke.com.

1 comment:

I've submitted a PR to your RMD - you said you're learning R so I thought you might appreciate seeing how you can make a presentation function that combines the results into a table and shows it more prettily than my basic examples do. Different people have different table manipulation package preferences so I avoided being partisan in my vignettes and README ;)

You may also be interest in this gist for building a simple word cloud of breaches where the size of the name is based on the size of the breach... https://gist.github.com/stephlocke/865c368e627021970ac6645722a6d9ef

What is the best Toolmsith tool of the last ten years?

ASJA Awards Prize Winning Article

Subscribe To HolisticInfoSec

About Me

Russ McRee runs the Blue Team for Microsoft's Windows and Devices Group (WDG). He writes the monthly column toolsmith. Russ has spoken infosec events such Defcon, Black Hat, RSA,and FIRST and has published in the likes of Information Security, Linux Magazine, (IN)SECURE, and SysAdmin. As an advocate of a holistic approach to information security, Russ' website is holisticinfosec.org.
He also serves as a volunteer handler for the SANS Internet Storm Center.